OpenCVE

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hashicorp	Consul

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:consul:::::-:::*
	cpe:2.3:a:hashicorp:consul:::::enterprise:::*

No data.

References

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525

History

Mon, 07 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 26 Sep 2024 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284

Thu, 26 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:hashicorp:consul:1.15.0::::-::: cpe:2.3:a:hashicorp:consul:1.15.0::::enterprise:::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 26 Sep 2024 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-266

MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-06-02T22:43:34.553Z

Updated: 2024-10-07T20:12:01.627Z

Reserved: 2023-05-19T18:11:06.618Z

Link: CVE-2023-2816

Vulnrichment

Updated: 2024-08-02T06:33:05.672Z

NVD

Status : Modified

Published: 2023-06-02T23:15:09.503

Modified: 2024-09-26T19:15:05.547

Link: CVE-2023-2816

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2816", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2023-05-19T18:11:06.618Z", "datePublished": "2023-06-02T22:43:34.553Z", "dateUpdated": "2024-10-07T20:12:01.627Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Consul", "repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "versions": [{"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.15.1"}, {"status": "affected", "version": "1.15.2"}]}, {"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Consul Enterprise", "repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "versions": [{"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.15.1"}, {"status": "affected", "version": "1.15.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.</p><br/>"}], "value": "Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies."}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113: Interface Manipulation"}]}], "metrics": [{"cvssV3_1": {"baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2024-09-26T18:59:27.367Z"}, "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"}], "source": {"advisory": "HCSEC-2023-16", "discovery": "INTERNAL"}, "title": "Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner"}, "adp": [{"affected": [{"vendor": "hashicorp", "product": "consul", "cpes": ["cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.15.0", "status": "affected", "lessThanOrEqual": "1.15.2", "versionType": "custom"}]}, {"vendor": "hashicorp", "product": "consul", "cpes": ["cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.15.0", "status": "affected", "lessThanOrEqual": "1.15.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-07T20:11:32.907747Z", "id": "CVE-2023-2816", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T20:12:01.627Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.672Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.672Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-07T20:11:32.907747Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*"], "vendor": "hashicorp", "product": "consul", "versions": [{"status": "affected", "version": "1.15.0", "versionType": "custom", "lessThanOrEqual": "1.15.2"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*"], "vendor": "hashicorp", "product": "consul", "versions": [{"status": "affected", "version": "1.15.0", "versionType": "custom", "lessThanOrEqual": "1.15.2"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T14:48:42.522Z"}}], "cna": {"title": "Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner", "source": {"advisory": "HCSEC-2023-16", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113: Interface Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "product": "Consul", "versions": [{"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.15.1"}, {"status": "affected", "version": "1.15.2"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "product": "Consul Enterprise", "versions": [{"status": "affected", "version": "1.15.0"}, {"status": "affected", "version": "1.15.1"}, {"status": "affected", "version": "1.15.2"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"}], "descriptions": [{"lang": "en", "value": "Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.", "supportingMedia": [{"type": "text/html", "value": "<p>Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2024-09-26T18:59:27.367Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2816", "state": "PUBLISHED", "dateUpdated": "2024-10-07T20:12:01.627Z", "dateReserved": "2023-05-19T18:11:06.618Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2023-06-02T22:43:34.553Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", "matchCriteriaId": "9D592391-F006-4F99-BF39-DAA3D2B86305", "versionEndExcluding": "1.15.3", "versionStartIncluding": "1.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "12E16E32-03E5-44B6-BAB5-8809E6E852F4", "versionEndExcluding": "1.15.3", "versionStartIncluding": "1.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies."}], "id": "CVE-2023-2816", "lastModified": "2024-09-26T19:15:05.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-06-02T23:15:09.503", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@hashicorp.com", "type": "Secondary"}]}